Security and Compliance

As an IT professional you need to be able to assure your clients that their data is secure at every step of the process—not just once it’s in the cloud. We take the security and compliance of your clients’ data very seriously.


If you handle Personal Health Information (PHI) for your healthcare clients, you know the importance of complying with United States HIPAA and HITECH regulations. Migrations need to follow these same regulations. BitTitan released the first-ever HIPAA/HITECH-compliant suite of migration products to ensure your data is as secure during your move to the cloud as it is upon arrival. With strict security management processes, advanced technical safeguards, defense-grade encryption algorithms, and rigid information-access controls, we keep information safe and secure—allowing you to focus on completing the project.


BitTitan data centers operating within Azure are PCI compliant, and around the world are AICPA SSAE 16 (formerly SAS 70 Type II) compliant.

EU Model Clauses

We have a company-wide compliance program to meet this rigorous standard, and BitTitan can offer the EU Model Clauses to our European customers.

General Data Protection Regulation

For GDPR questions and requests, please email


Zero Deployment

BitTitan products operate outside of the firewall and connect to messaging systems the same way any external user would. There is no need to install third-party software inside of your firewall or network.

Mailbox Data

Mailbox data (including subjects, bodies, attachments, etc.) are not stored on our servers. In some cases, the data may be cached temporarily in order to optimize network throughput. If cached, rest assured that your data is wiped immediately once that mailbox is done migrating.

Mailbox Credentials

Mailbox credentials are stored using military-grade AES encryption. The credentials are immediately purged from the system once you delete the corresponding configuration to which it is associated.

Auto-Purge Policy

We have implemented an automatic purge policy that will delete any configuration that is not used. If no migration has been performed within 90 days (either of your last migration or creation of configuration, whichever is later), we will delete the data from our servers. You can configure this to be a longer or shorter period.

Data Centers

BitTitan leverages Azure data centers, which are compliant with ISO/IEC 27001/27002:2013, SOC 1 Type 2 and SOC 2 Type 2, PCI DSS Level 1, FISMA, HIPAA/HITECH, CJIS, CSA CCM, FERPA and others. Customers can select from a variety of data center regions in which migrations will be processed. We offer data center locations in ​Australia, Europe, North America, Japan, South America, and Southeast Asia.